“Skygofree” trojan can intercept your WhatsApp messages
A newly discovered strain of malware can perform a range of attacks including intercepting your WhatsApp messages, according to a blog post by security firm Kaspersky.
Known as Skygofree, the trojan appears on fake mobile network websites disguised as an update that will improve mobile internet speeds; should a user be deceived by it, the app displays a notification to conceal its installation. Then, once on the device, it can connect to a remote server and download a range of different ‘payloads’, enabling it to target the user.
Attacks within its repertoire include turning on the device’s microphone, taking control of its Wi-Fi settings and monitoring popular apps like Facebook Messenger, Skype and WhatsApp. Last but not least, it can also take a picture with the selfie camera every time the phone is unlocked.
All of these are naturally fraught with risks for the device owner, but the ability to control the device’s Wi-Fi is especially concerning, because it allows the criminals to connect it to a network they control and intercept all of your internet traffic including passwords and credit card numbers. Logging messages and use of the camera could also theoretically leave the user open to blackmail attempts.
In order to monitor apps like WhatsApp and Skype, Skygofree needs access to Accessibility Services, which requires the user’s permission. The app jumps this hurdle by hiding the request behind another, seemingly innocuous request.
The app is also sophisticated enough to enable the microphone only in specific locations, a type of attack that’s not been seen before. “In practice, this means that attackers can start listening in on victims when, say, they enter the office or visit the CEO’s home,” the blog highlights.
Although the malware was only discovered by Kaspersky in late 2017, the company says there’s evidence that criminals have been using and enhancing it ever since 2014. “Over the past three years, it has grown from a rather simple piece of malware into full-fledged, multifunctional spyware,” it explains.
The good news is that Kaspersky’s cloud protection service has only detected a few infections in the wild, none of which were in the UK. The risks of installing it, for now, then are pretty low. To protect yourself, the company advises only installing apps from known app stores. “Pay attention to misspelled app names, small numbers of downloads, or dubious requests for permissions — any of these things should raise flags”, it adds.
You can download the Kaspersky’s Mobile Antivirus from the Google Play Store.